1/*
2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16import type { AsyncCallback } from './@ohos.base';
17import cryptoFramework from '@ohos.security.cryptoFramework';
18
19/**
20 * Provides a series of capabilities related to certificates,
21 * which supports parsing, verification, and output of certificates, extensions, and CRLs.
22 *
23 * @namespace cert
24 * @syscap SystemCapability.Security.Cert
25 * @since 9
26 */
27declare namespace cert {
28  /**
29   * Enum for result code
30   *
31   * @enum { number }
32   * @syscap SystemCapability.Security.Cert
33   * @since 9
34   */
35  enum CertResult {
36    /**
37     * Indicates that the input parameters are invalid.
38     *
39     * @syscap SystemCapability.Security.Cert
40     * @since 9
41     */
42    INVALID_PARAMS = 401,
43
44    /**
45     * Indicates that function or algorithm is not supported.
46     *
47     * @syscap SystemCapability.Security.Cert
48     * @since 9
49     */
50    NOT_SUPPORT = 801,
51
52    /**
53     * Indicates the memory error.
54     *
55     * @syscap SystemCapability.Security.Cert
56     * @since 9
57     */
58    ERR_OUT_OF_MEMORY = 19020001,
59
60    /**
61     * Indicates a runtime error.
62     *
63     * @syscap SystemCapability.Security.Cert
64     * @since 9
65     */
66    ERR_RUNTIME_ERROR = 19020002,
67
68    /**
69     * Indicates the crypto operation error.
70     *
71     * @syscap SystemCapability.Security.Cert
72     * @since 9
73     */
74    ERR_CRYPTO_OPERATION = 19030001,
75
76    /**
77     * Indicates that the certificate signature verification failed.
78     *
79     * @syscap SystemCapability.Security.Cert
80     * @since 9
81     */
82    ERR_CERT_SIGNATURE_FAILURE = 19030002,
83
84    /**
85     * Indicates that the certificate has not taken effect.
86     *
87     * @syscap SystemCapability.Security.Cert
88     * @since 9
89     */
90    ERR_CERT_NOT_YET_VALID = 19030003,
91
92    /**
93     * Indicates that the certificate has expired.
94     *
95     * @syscap SystemCapability.Security.Cert
96     * @since 9
97     */
98    ERR_CERT_HAS_EXPIRED = 19030004,
99
100    /**
101     * Indicates a failure to obtain the certificate issuer.
102     *
103     * @syscap SystemCapability.Security.Cert
104     * @since 9
105     */
106    ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = 19030005,
107
108    /**
109     * The key cannot be used for signing a certificate.
110     *
111     * @syscap SystemCapability.Security.Cert
112     * @since 9
113     */
114    ERR_KEYUSAGE_NO_CERTSIGN = 19030006,
115
116    /**
117     * The key cannot be used for digital signature.
118     *
119     * @syscap SystemCapability.Security.Cert
120     * @since 9
121     */
122    ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE = 19030007
123  }
124
125  /**
126   * Provides the data blob type.
127   *
128   * @typedef DataBlob
129   * @syscap SystemCapability.Security.Cert
130   * @since 9
131   */
132  interface DataBlob {
133    /**
134     * Indicates the content of data blob.
135     *
136     * @type { Uint8Array }
137     * @syscap SystemCapability.Security.Cert
138     * @since 9
139     */
140    data: Uint8Array;
141  }
142
143  /**
144   * Provides the data array type.
145   *
146   * @typedef DataArray
147   * @syscap SystemCapability.Security.Cert
148   * @since 9
149   */
150  interface DataArray {
151    /**
152     * Indicates the content of data array.
153     *
154     * @type { Array<Uint8Array> }
155     * @syscap SystemCapability.Security.Cert
156     * @since 9
157     */
158    data: Array<Uint8Array>;
159  }
160
161  /**
162   * Enum for supported cert encoding format.
163   *
164   * @enum { number }
165   * @syscap SystemCapability.Security.Cert
166   * @since 9
167   */
168  enum EncodingFormat {
169    /**
170     * The value of cert DER format.
171     *
172     * @syscap SystemCapability.Security.Cert
173     * @since 9
174     */
175    FORMAT_DER = 0,
176
177    /**
178     * The value of cert PEM format.
179     *
180     * @syscap SystemCapability.Security.Cert
181     * @since 9
182     */
183    FORMAT_PEM = 1
184  }
185
186  /**
187   * Enum for the certificate item type.
188   *
189   * @enum { number }
190   * @syscap SystemCapability.Security.Cert
191   * @since 10
192   */
193  enum CertItemType {
194    /**
195     * Indicates to get certificate TBS(to be signed) value.
196     *
197     * @syscap SystemCapability.Security.Cert
198     * @since 10
199     */
200    CERT_ITEM_TYPE_TBS = 0,
201
202    /**
203     * Indicates to get certificate public key.
204     *
205     * @syscap SystemCapability.Security.Cert
206     * @since 10
207     */
208    CERT_ITEM_TYPE_PUBLIC_KEY = 1,
209
210    /**
211     * Indicates to get certificate issuer unique id value.
212     *
213     * @syscap SystemCapability.Security.Cert
214     * @since 10
215     */
216    CERT_ITEM_TYPE_ISSUER_UNIQUE_ID = 2,
217
218    /**
219     * Indicates to get certificate subject unique id value.
220     *
221     * @syscap SystemCapability.Security.Cert
222     * @since 10
223     */
224    CERT_ITEM_TYPE_SUBJECT_UNIQUE_ID = 3,
225
226    /**
227     * Indicates to get certificate extensions value.
228     *
229     * @syscap SystemCapability.Security.Cert
230     * @since 10
231     */
232    CERT_ITEM_TYPE_EXTENSIONS = 4
233  }
234
235  /**
236   * Enumerates for the certificate extension object identifier (OID) types.
237   *
238   * @enum { number }
239   * @syscap SystemCapability.Security.Cert
240   * @since 10
241   */
242  enum ExtensionOidType {
243    /**
244     * Indicates to obtain all types of OIDs, including critical and uncritical types.
245     *
246     * @syscap SystemCapability.Security.Cert
247     * @since 10
248     */
249    EXTENSION_OID_TYPE_ALL = 0,
250
251    /**
252     * Indicates to obtain OIDs of the critical type.
253     *
254     * @syscap SystemCapability.Security.Cert
255     * @since 10
256     */
257    EXTENSION_OID_TYPE_CRITICAL = 1,
258
259    /**
260     * Indicates to obtain OIDs of the uncritical type.
261     *
262     * @syscap SystemCapability.Security.Cert
263     * @since 10
264     */
265    EXTENSION_OID_TYPE_UNCRITICAL = 2
266  }
267
268  /**
269   * Enum for the certificate extension entry type.
270   *
271   * @enum { number }
272   * @syscap SystemCapability.Security.Cert
273   * @since 10
274   */
275  enum ExtensionEntryType {
276    /**
277     * Indicates to get extension entry.
278     *
279     * @syscap SystemCapability.Security.Cert
280     * @since 10
281     */
282    EXTENSION_ENTRY_TYPE_ENTRY = 0,
283
284    /**
285     * Indicates to get extension entry critical.
286     *
287     * @syscap SystemCapability.Security.Cert
288     * @since 10
289     */
290    EXTENSION_ENTRY_TYPE_ENTRY_CRITICAL = 1,
291
292    /**
293     * Indicates to get extension entry value.
294     *
295     * @syscap SystemCapability.Security.Cert
296     * @since 10
297     */
298    EXTENSION_ENTRY_TYPE_ENTRY_VALUE = 2
299  }
300
301  /**
302   * Provides the cert encoding blob type.
303   *
304   * @typedef EncodingBlob
305   * @syscap SystemCapability.Security.Cert
306   * @since 9
307   */
308  interface EncodingBlob {
309    /**
310     * The data input.
311     *
312     * @type { Uint8Array }
313     * @syscap SystemCapability.Security.Cert
314     * @since 9
315     */
316    data: Uint8Array;
317    /**
318     * The data encoding format.
319     *
320     * @type { EncodingFormat }
321     * @syscap SystemCapability.Security.Cert
322     * @since 9
323     */
324    encodingFormat: EncodingFormat;
325  }
326
327  /**
328   * Provides the cert chain data type.
329   *
330   * @typedef CertChainData
331   * @syscap SystemCapability.Security.Cert
332   * @since 9
333   */
334  interface CertChainData {
335    /**
336     * The data input.
337     *
338     * @type { Uint8Array }
339     * @syscap SystemCapability.Security.Cert
340     * @since 9
341     */
342    data: Uint8Array;
343    /**
344     * The number of certs.
345     *
346     * @type { number }
347     * @syscap SystemCapability.Security.Cert
348     * @since 9
349     */
350    count: number;
351    /**
352     * The data encoding format.
353     *
354     * @type { EncodingFormat }
355     * @syscap SystemCapability.Security.Cert
356     * @since 9
357     */
358    encodingFormat: EncodingFormat;
359  }
360
361  /**
362   * Provides the x509 cert type.
363   *
364   * @typedef X509Cert
365   * @syscap SystemCapability.Security.Cert
366   * @since 9
367   */
368  interface X509Cert {
369    /**
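370     * Verify the signature of the X509 cert with the given public key. NOTE(review): the only errors declared here are 401 and 19030001, so this presumably checks the signature alone; also call checkValidityWithDate and check revocation (X509Crl.isRevoked) before trusting the cert — confirm against the implementation.
371     *
372     * @param { cryptoFramework.PubKey } key - public key to verify cert; it should be the issuer's key from a trusted source, since the cert's own getPublicKey() only proves a self-signature.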
373     * @param { AsyncCallback<void> } callback - the callback of verify.
374     * @throws { BusinessError } 401 - invalid parameters.
375     * @throws { BusinessError } 19030001 - crypto operation error.
376     * @syscap SystemCapability.Security.Cert
377     * @since 9
378     */
379    verify(key: cryptoFramework.PubKey, callback: AsyncCallback<void>): void;
380
381    /**
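382     * Verify the signature of the X509 cert with the given public key. NOTE(review): the only errors declared here are 401 and 19030001, so this presumably checks the signature alone; also call checkValidityWithDate and check revocation (X509Crl.isRevoked) before trusting the cert — confirm against the implementation.
383     *
384     * @param { cryptoFramework.PubKey } key - public key to verify cert; it should be the issuer's key from a trusted source, since the cert's own getPublicKey() only proves a self-signature.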
385     * @returns { Promise<void> } the promise returned by the function.
386     * @throws { BusinessError } 401 - invalid parameters.
387     * @throws { BusinessError } 19030001 - crypto operation error.
388     * @syscap SystemCapability.Security.Cert
389     * @since 9
390     */
391    verify(key: cryptoFramework.PubKey): Promise<void>;
392
393    /**
394     * Get X509 cert encoded data.
395     *
396     * @param { AsyncCallback<EncodingBlob> } callback - the callback of getEncoded.
397     * @throws { BusinessError } 401 - invalid parameters.
398     * @throws { BusinessError } 19020001 - memory error.
399     * @throws { BusinessError } 19020002 - runtime error.
400     * @throws { BusinessError } 19030001 - crypto operation error.
401     * @syscap SystemCapability.Security.Cert
402     * @since 9
403     */
404    getEncoded(callback: AsyncCallback<EncodingBlob>): void;
405
406    /**
407     * Get X509 cert encoded data.
408     *
409     * @returns { Promise<EncodingBlob> } the promise of X509 cert encoded data.
410     * @throws { BusinessError } 401 - invalid parameters.
411     * @throws { BusinessError } 19020001 - memory error.
412     * @throws { BusinessError } 19020002 - runtime error.
413     * @throws { BusinessError } 19030001 - crypto operation error.
414     * @syscap SystemCapability.Security.Cert
415     * @since 9
416     */
417    getEncoded(): Promise<EncodingBlob>;
418
419    /**
420     * Get X509 cert public key.
421     *
422     * @returns { cryptoFramework.PubKey } X509 cert pubKey.
423     * @throws { BusinessError } 19020001 - memory error.
424     * @throws { BusinessError } 19030001 - crypto operation error.
425     * @syscap SystemCapability.Security.Cert
426     * @since 9
427     */
428    getPublicKey(): cryptoFramework.PubKey;
429
430    /**
431     * Check the X509 cert validity with date.
432     *
433     * @param { string } date - the date against which the cert's validity period is checked.
434     * @throws { BusinessError } 401 - invalid parameters.
435     * @throws { BusinessError } 19020001 - memory error.
436     * @throws { BusinessError } 19030001 - crypto operation error.
437     * @throws { BusinessError } 19030003 - the certificate has not taken effect.
438     * @throws { BusinessError } 19030004 - the certificate has expired.
439     * @syscap SystemCapability.Security.Cert
440     * @since 9
441     */
442    checkValidityWithDate(date: string): void;
443
444    /**
445     * Get X509 cert version.
446     *
447     * @returns { number } X509 cert version.
448     * @syscap SystemCapability.Security.Cert
449     * @since 9
450     */
451    getVersion(): number;
452
453    /**
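454     * Get X509 cert serial number. The value is a JavaScript number, which is exact only up to 2^53 - 1, while X.509 serial numbers may be up to 20 octets (RFC 5280); use getCertSerialNumber (bigint) when comparing or matching serials.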
455     *
456     * @returns { number } X509 cert serial number.
457     * @syscap SystemCapability.Security.Cert
458     * @since 9
459     * @deprecated since 10
460     * @useinstead ohos.security.cert.X509Cert.getCertSerialNumber
461     */
462    getSerialNumber(): number;
463
464    /**
465     * Get X509 cert serial number.
466     *
467     * @returns { bigint } X509 cert serial number.
468     * @throws { BusinessError } 19020002 - runtime error.
469     * @syscap SystemCapability.Security.Cert
470     * @since 10
471     */
472    getCertSerialNumber(): bigint;
473
474    /**
475     * Get X509 cert issuer name.
476     *
477     * @returns { DataBlob } X509 cert issuer name.
478     * @throws { BusinessError } 19020001 - memory error.
479     * @throws { BusinessError } 19020002 - runtime error.
480     * @throws { BusinessError } 19030001 - crypto operation error.
481     * @syscap SystemCapability.Security.Cert
482     * @since 9
483     */
484    getIssuerName(): DataBlob;
485
486    /**
487     * Get X509 cert subject name.
488     *
489     * @returns { DataBlob } X509 cert subject name.
490     * @throws { BusinessError } 19020001 - memory error.
491     * @throws { BusinessError } 19020002 - runtime error.
492     * @throws { BusinessError } 19030001 - crypto operation error.
493     * @syscap SystemCapability.Security.Cert
494     * @since 9
495     */
496    getSubjectName(): DataBlob;
497
498    /**
499     * Get X509 cert not before time.
500     *
501     * @returns { string } X509 cert not before time.
502     * @throws { BusinessError } 19020001 - memory error.
503     * @throws { BusinessError } 19020002 - runtime error.
504     * @throws { BusinessError } 19030001 - crypto operation error.
505     * @syscap SystemCapability.Security.Cert
506     * @since 9
507     */
508    getNotBeforeTime(): string;
509
510    /**
511     * Get X509 cert not after time.
512     *
513     * @returns { string } X509 cert not after time.
514     * @throws { BusinessError } 19020001 - memory error.
515     * @throws { BusinessError } 19020002 - runtime error.
516     * @throws { BusinessError } 19030001 - crypto operation error.
517     * @syscap SystemCapability.Security.Cert
518     * @since 9
519     */
520    getNotAfterTime(): string;
521
522    /**
523     * Get X509 cert signature.
524     *
525     * @returns { DataBlob } X509 cert signature.
526     * @throws { BusinessError } 19020001 - memory error.
527     * @throws { BusinessError } 19020002 - runtime error.
528     * @throws { BusinessError } 19030001 - crypto operation error.
529     * @syscap SystemCapability.Security.Cert
530     * @since 9
531     */
532    getSignature(): DataBlob;
533
534    /**
535     * Get X509 cert signature's algorithm name.
536     *
537     * @returns { string } X509 cert signature's algorithm name.
538     * @throws { BusinessError } 19020001 - memory error.
539     * @throws { BusinessError } 19020002 - runtime error.
540     * @throws { BusinessError } 19030001 - crypto operation error.
541     * @syscap SystemCapability.Security.Cert
542     * @since 9
543     */
544    getSignatureAlgName(): string;
545
546    /**
547     * Get X509 cert signature's algorithm oid.
548     *
549     * @returns { string } X509 cert signature's algorithm oid.
550     * @throws { BusinessError } 19020001 - memory error.
551     * @throws { BusinessError } 19020002 - runtime error.
552     * @throws { BusinessError } 19030001 - crypto operation error.
553     * @syscap SystemCapability.Security.Cert
554     * @since 9
555     */
556    getSignatureAlgOid(): string;
557
558    /**
559     * Get X509 cert signature's algorithm parameters.
560     *
561     * @returns { DataBlob } X509 cert signature's algorithm parameters.
562     * @throws { BusinessError } 801 - this operation is not supported.
563     * @throws { BusinessError } 19020001 - memory error.
564     * @throws { BusinessError } 19020002 - runtime error.
565     * @throws { BusinessError } 19030001 - crypto operation error.
566     * @syscap SystemCapability.Security.Cert
567     * @since 9
568     */
569    getSignatureAlgParams(): DataBlob;
570
571    /**
572     * Get X509 cert key usage.
573     *
574     * @returns { DataBlob } X509 cert key usage.
575     * @throws { BusinessError } 19020001 - memory error.
576     * @throws { BusinessError } 19030001 - crypto operation error.
577     * @syscap SystemCapability.Security.Cert
578     * @since 9
579     */
580    getKeyUsage(): DataBlob;
581
582    /**
583     * Get X509 cert extended key usage.
584     *
585     * @returns { DataArray } X509 cert extended key usage.
586     * @throws { BusinessError } 19020001 - memory error.
587     * @throws { BusinessError } 19020002 - runtime error.
588     * @throws { BusinessError } 19030001 - crypto operation error.
589     * @syscap SystemCapability.Security.Cert
590     * @since 9
591     */
592    getExtKeyUsage(): DataArray;
593
594    /**
595     * Get X509 cert basic constraints path len.
596     *
597     * @returns { number } X509 cert basic constraints path len.
598     * @syscap SystemCapability.Security.Cert
599     * @since 9
600     */
601    getBasicConstraints(): number;
602
603    /**
604     * Get X509 cert subject alternative name.
605     *
606     * @returns { DataArray } X509 cert subject alternative name.
607     * @throws { BusinessError } 19020001 - memory error.
608     * @throws { BusinessError } 19020002 - runtime error.
609     * @throws { BusinessError } 19030001 - crypto operation error.
610     * @syscap SystemCapability.Security.Cert
611     * @since 9
612     */
613    getSubjectAltNames(): DataArray;
614
615    /**
616     * Get X509 cert issuer alternative name.
617     *
618     * @returns { DataArray } X509 cert issuer alternative name.
619     * @throws { BusinessError } 19020001 - memory error.
620     * @throws { BusinessError } 19020002 - runtime error.
621     * @throws { BusinessError } 19030001 - crypto operation error.
622     * @syscap SystemCapability.Security.Cert
623     * @since 9
624     */
625    getIssuerAltNames(): DataArray;
626
627    /**
628     * Get certificate item value.
629     *
630     * @param { CertItemType } itemType
631     * @returns { DataBlob } cert item value.
632     * @throws { BusinessError } 401 - invalid parameters.
633     * @throws { BusinessError } 19020001 - memory error.
634     * @throws { BusinessError } 19020002 - runtime error.
635     * @throws { BusinessError } 19030001 - crypto operation error.
636     * @syscap SystemCapability.Security.Cert
637     * @since 10
638     */
639    getItem(itemType: CertItemType): DataBlob;
640  }
641
642  /**
643   * Provides to create X509 certificate object.
644   * The returned object provides the data parsing or verification capability.
645   *
646   * @param { EncodingBlob } inStream - indicate the input cert data.
647   * @param { AsyncCallback<X509Cert> } callback - the callback of createX509Cert.
648   * @throws { BusinessError } 401 - invalid parameters.
649   * @throws { BusinessError } 801 - this operation is not supported.
650   * @throws { BusinessError } 19020001 - memory error.
651   * @syscap SystemCapability.Security.Cert
652   * @since 9
653   */
654  function createX509Cert(inStream: EncodingBlob, callback: AsyncCallback<X509Cert>): void;
655
656  /**
657   * Provides to create X509 certificate object.
658   * The returned object provides the data parsing or verification capability.
659   *
660   * @param { EncodingBlob } inStream - indicate the input cert data.
661   * @returns { Promise<X509Cert> } the promise of X509 cert instance.
662   * @throws { BusinessError } 401 - invalid parameters.
663   * @throws { BusinessError } 801 - this operation is not supported.
664   * @throws { BusinessError } 19020001 - memory error.
665   * @syscap SystemCapability.Security.Cert
666   * @since 9
667   */
668  function createX509Cert(inStream: EncodingBlob): Promise<X509Cert>;
669
670  /**
671   * The CertExtension interface is used to parse and verify certificate extension.
672   *
673   * @typedef CertExtension
674   * @syscap SystemCapability.Security.Cert
675   * @since 10
676   */
677  interface CertExtension {
678    /**
679     * Get certificate extension encoded data.
680     *
681     * @returns { EncodingBlob } cert extension encoded data.
682     * @throws { BusinessError } 19020001 - memory error.
683     * @throws { BusinessError } 19020002 - runtime error.
684     * @throws { BusinessError } 19030001 - crypto operation error.
685     * @syscap SystemCapability.Security.Cert
686     * @since 10
687     */
688    getEncoded(): EncodingBlob;
689
690    /**
691     * Get certificate extension oid list.
692     *
693     * @param { ExtensionOidType } valueType
694     * @returns { DataArray } cert extension OID list value.
695     * @throws { BusinessError } 401 - invalid parameters.
696     * @throws { BusinessError } 19020001 - memory error.
697     * @throws { BusinessError } 19020002 - runtime error.
698     * @throws { BusinessError } 19030001 - crypto operation error.
699     * @syscap SystemCapability.Security.Cert
700     * @since 10
701     */
702    getOidList(valueType: ExtensionOidType): DataArray;
703
704    /**
705     * Get certificate extension entry.
706     *
707     * @param { ExtensionEntryType } valueType
708     * @param { DataBlob } oid
709     * @returns { DataBlob } cert extension entry value.
710     * @throws { BusinessError } 401 - invalid parameters.
711     * @throws { BusinessError } 19020001 - memory error.
712     * @throws { BusinessError } 19020002 - runtime error.
713     * @throws { BusinessError } 19030001 - crypto operation error.
714     * @syscap SystemCapability.Security.Cert
715     * @since 10
716     */
717    getEntry(valueType: ExtensionEntryType, oid: DataBlob): DataBlob;
718
719    /**
720     * Check whether the certificate is a CA(The keyusage contains signature usage and the value of cA in BasicConstraints is true).
721     * If not a CA, return -1, otherwise return the path length constraint in BasicConstraints.
722     * If the certificate is a CA and the path length constraint does not appear, then return -2 to indicate that there is no limit to path length.
723     *
724     * @returns { number } path length constraint.
725     * @throws { BusinessError } 19020001 - memory error.
726     * @throws { BusinessError } 19020002 - runtime error.
727     * @throws { BusinessError } 19030001 - crypto operation error.
728     * @syscap SystemCapability.Security.Cert
729     * @since 10
730     */
731    checkCA(): number;
732  }
733
734  /**
735   * Provides to create certificate extension object.
736   * The returned object provides the data parsing or verification capability.
737   *
738   * @param { EncodingBlob } inStream - indicate the input cert extensions data.
739   * @param { AsyncCallback<CertExtension> } callback - the callback of certificate extension instance.
740   * @throws { BusinessError } 401 - invalid parameters.
741   * @throws { BusinessError } 801 - this operation is not supported.
742   * @throws { BusinessError } 19020001 - memory error.
743   * @syscap SystemCapability.Security.Cert
744   * @since 10
745   */
746  function createCertExtension(inStream: EncodingBlob, callback: AsyncCallback<CertExtension>): void;
747
748  /**
749   * Provides to create certificate extension object.
750   * The returned object provides the data parsing or verification capability.
751   *
752   * @param { EncodingBlob } inStream - indicate the input cert extensions data.
753   * @returns { Promise<CertExtension> } the promise of certificate extension instance.
754   * @throws { BusinessError } 401 - invalid parameters.
755   * @throws { BusinessError } 801 - this operation is not supported.
756   * @throws { BusinessError } 19020001 - memory error.
757   * @syscap SystemCapability.Security.Cert
758   * @since 10
759   */
760  function createCertExtension(inStream: EncodingBlob): Promise<CertExtension>;
761
762  /**
763   * Interface of X509CrlEntry.
764   *
765   * @typedef X509CrlEntry
766   * @syscap SystemCapability.Security.Cert
767   * @since 9
768   */
769  interface X509CrlEntry {
770    /**
771     * Returns the ASN.1 DER-encoded form of this CRL entry, i.e. the inner SEQUENCE.
772     *
773     * @param { AsyncCallback<EncodingBlob> } callback - the callback of getEncoded.
774     * @throws { BusinessError } 401 - invalid parameters.
775     * @throws { BusinessError } 19020001 - memory error.
776     * @throws { BusinessError } 19020002 - runtime error.
777     * @throws { BusinessError } 19030001 - crypto operation error.
778     * @syscap SystemCapability.Security.Cert
779     * @since 9
780     */
781    getEncoded(callback: AsyncCallback<EncodingBlob>): void;
782
783    /**
784     * Returns the ASN.1 DER-encoded form of this CRL entry, i.e. the inner SEQUENCE.
785     *
786     * @returns { Promise<EncodingBlob> } the promise of crl entry blob data.
787     * @throws { BusinessError } 401 - invalid parameters.
788     * @throws { BusinessError } 19020001 - memory error.
789     * @throws { BusinessError } 19020002 - runtime error.
790     * @throws { BusinessError } 19030001 - crypto operation error.
791     * @syscap SystemCapability.Security.Cert
792     * @since 9
793     */
794    getEncoded(): Promise<EncodingBlob>;
795
796    /**
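797     * Get the serial number from this x509crl entry. The value is a JavaScript number, exact only up to 2^53 - 1; a longer serial cannot be represented exactly, so do not rely on it alone to match a revoked certificate.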
798     *
799     * @returns { number } serial number of crl entry.
800     * @syscap SystemCapability.Security.Cert
801     * @since 9
802     */
803    getSerialNumber(): number;
804
805    /**
806     * Get the issuer of the x509 certificate described by this entry.
807     *
808     * @returns { DataBlob } DataBlob of issuer.
809     * @throws { BusinessError } 801 - this operation is not supported.
810     * @throws { BusinessError } 19020001 - memory error.
811     * @throws { BusinessError } 19020002 - runtime error.
812     * @syscap SystemCapability.Security.Cert
813     * @since 9
814     */
815    getCertIssuer(): DataBlob;
816
817    /**
818     * Get the revocation date from x509crl entry.
819     *
820     * @returns { string } string of revocation date.
821     * @throws { BusinessError } 19020001 - memory error.
822     * @throws { BusinessError } 19020002 - runtime error.
823     * @throws { BusinessError } 19030001 - crypto operation error.
824     * @syscap SystemCapability.Security.Cert
825     * @since 9
826     */
827    getRevocationDate(): string;
828  }
829
830  /**
831   * Interface of X509Crl.
832   *
833   * @typedef X509Crl
834   * @syscap SystemCapability.Security.Cert
835   * @since 9
836   */
837  interface X509Crl {
838    /**
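839     * Check if the given certificate is on this CRL. NOTE(review): only error 401 is declared, so this is presumably a lookup alone; verify the CRL signature (verify) and its freshness (getNextUpdate) before relying on the result — confirm against the implementation.
840     *
841     * @param { X509Cert } cert - input cert data.
842     * @returns { boolean } whether the cert is revoked.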
843     * @throws { BusinessError } 401 - invalid parameters.
844     * @syscap SystemCapability.Security.Cert
845     * @since 9
846     */
847    isRevoked(cert: X509Cert): boolean;
848
849    /**
850     * Returns the type of this CRL.
851     *
852     * @returns { string } string of crl type.
853     * @syscap SystemCapability.Security.Cert
854     * @since 9
855     */
856    getType(): string;
857
858    /**
859     * Get the encoded data of this CRL in DER coding format.
860     *
861     * @param { AsyncCallback<EncodingBlob> } callback - the callback of getEncoded.
862     * @throws { BusinessError } 401 - invalid parameters.
863     * @throws { BusinessError } 19020001 - memory error.
864     * @throws { BusinessError } 19020002 - runtime error.
865     * @throws { BusinessError } 19030001 - crypto operation error.
866     * @syscap SystemCapability.Security.Cert
867     * @since 9
868     */
869    getEncoded(callback: AsyncCallback<EncodingBlob>): void;
870
871    /**
872     * Get the encoded data of this CRL in DER coding format.
873     *
874     * @returns { Promise<EncodingBlob> } the promise of crl blob data.
875     * @throws { BusinessError } 401 - invalid parameters.
876     * @throws { BusinessError } 19020001 - memory error.
877     * @throws { BusinessError } 19020002 - runtime error.
878     * @throws { BusinessError } 19030001 - crypto operation error.
879     * @syscap SystemCapability.Security.Cert
880     * @since 9
881     */
882    getEncoded(): Promise<EncodingBlob>;
883
884    /**
885     * Use the public key to verify the signature of CRL.
886     *
887     * @param { cryptoFramework.PubKey } key - input public Key.
888     * @param { AsyncCallback<void> } callback - the callback of verify.
889     * @throws { BusinessError } 401 - invalid parameters.
890     * @throws { BusinessError } 19030001 - crypto operation error.
891     * @syscap SystemCapability.Security.Cert
892     * @since 9
893     */
894    verify(key: cryptoFramework.PubKey, callback: AsyncCallback<void>): void;
895
896    /**
897     * Use the public key to verify the signature of CRL.
898     *
899     * @param { cryptoFramework.PubKey } key - input public Key.
900     * @returns { Promise<void> } the promise returned by the function.
901     * @throws { BusinessError } 401 - invalid parameters.
902     * @throws { BusinessError } 19030001 - crypto operation error.
903     * @syscap SystemCapability.Security.Cert
904     * @since 9
905     */
906    verify(key: cryptoFramework.PubKey): Promise<void>;
907
908    /**
909     * Get version number from CRL.
910     *
911     * @returns { number } version of crl.
912     * @syscap SystemCapability.Security.Cert
913     * @since 9
914     */
915    getVersion(): number;
916
917    /**
918     * Get the issuer name from CRL. Issuer means the entity that signs and publishes the CRL.
919     *
920     * @returns { DataBlob } issuer name of crl.
921     * @throws { BusinessError } 19020001 - memory error.
922     * @throws { BusinessError } 19020002 - runtime error.
923     * @throws { BusinessError } 19030001 - crypto operation error.
924     * @syscap SystemCapability.Security.Cert
925     * @since 9
926     */
927    getIssuerName(): DataBlob;
928
929    /**
930     * Get lastUpdate value from CRL.
931     *
932     * @returns { string } last update of crl.
933     * @throws { BusinessError } 19020001 - memory error.
934     * @throws { BusinessError } 19020002 - runtime error.
935     * @throws { BusinessError } 19030001 - crypto operation error.
936     * @syscap SystemCapability.Security.Cert
937     * @since 9
938     */
939    getLastUpdate(): string;
940
941    /**
942     * Get nextUpdate value from CRL.
943     *
944     * @returns { string } next update of crl.
945     * @throws { BusinessError } 19020001 - memory error.
946     * @throws { BusinessError } 19020002 - runtime error.
947     * @throws { BusinessError } 19030001 - crypto operation error.
948     * @syscap SystemCapability.Security.Cert
949     * @since 9
950     */
951    getNextUpdate(): string;
952
953    /**
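954     * This method can be used to find the CRL entry with the given serial number in this CRL.
955     *
956     * @param { number } serialNumber - serial number of the certificate to look up (a JavaScript number, exact only up to 2^53 - 1; for a longer serial use getRevokedCertWithCert).
957     * @returns { X509CrlEntry } the matching X509CrlEntry instance.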
958     * @throws { BusinessError } 401 - invalid parameters.
959     * @throws { BusinessError } 19020001 - memory error.
960     * @throws { BusinessError } 19030001 - crypto operation error.
961     * @syscap SystemCapability.Security.Cert
962     * @since 9
963     */
964    getRevokedCert(serialNumber: number): X509CrlEntry;
965
966    /**
967     * Find the entry in this CRL that corresponds to the specified certificate.
968     *
969     * @param { X509Cert } cert - the X509 certificate to look up.
970     * @returns { X509CrlEntry } X509CrlEntry instance; NOTE(review): the result for a certificate that is not listed is not stated here, confirm.
971     * @throws { BusinessError } 401 - invalid parameters.
972     * @throws { BusinessError } 19020001 - memory error.
973     * @throws { BusinessError } 19030001 - crypto operation error.
974     * @syscap SystemCapability.Security.Cert
975     * @since 9
976     */
977    getRevokedCertWithCert(cert: X509Cert): X509CrlEntry;
978
979    /**
980     * Get all revoked certificate entries in this CRL.
981     *
982     * @param { AsyncCallback<Array<X509CrlEntry>> } callback - callback that receives the array of X509CrlEntry instances.
983     * @throws { BusinessError } 401 - invalid parameters.
984     * @throws { BusinessError } 19020001 - memory error.
985     * @throws { BusinessError } 19030001 - crypto operation error.
986     * @syscap SystemCapability.Security.Cert
987     * @since 9
988     */
989    getRevokedCerts(callback: AsyncCallback<Array<X509CrlEntry>>): void;
990
991    /**
992     * Get all revoked certificate entries in this CRL.
993     *
994     * @returns { Promise<Array<X509CrlEntry>> } promise that resolves with the array of X509CrlEntry instances.
995     * @throws { BusinessError } 401 - invalid parameters.
996     * @throws { BusinessError } 19020001 - memory error.
997     * @throws { BusinessError } 19030001 - crypto operation error.
998     * @syscap SystemCapability.Security.Cert
999     * @since 9
1000     */
1001    getRevokedCerts(): Promise<Array<X509CrlEntry>>;
1002
1003    /**
1004     * Get the DER-encoded to-be-signed (TBS) information of this CRL, i.e. the data covered by the CRL signature.
1005     *
1006     * @returns { DataBlob } DataBlob of tbs info.
1007     * @throws { BusinessError } 19020001 - memory error.
1008     * @throws { BusinessError } 19020002 - runtime error.
1009     * @throws { BusinessError } 19030001 - crypto operation error.
1010     * @syscap SystemCapability.Security.Cert
1011     * @since 9
1012     */
1013    getTbsInfo(): DataBlob;
1014
1015    /**
1016     * Get the signature value of this CRL.
1017     *
1018     * @returns { DataBlob } DataBlob of the signature value.
1019     * @throws { BusinessError } 19020001 - memory error.
1020     * @throws { BusinessError } 19020002 - runtime error.
1021     * @throws { BusinessError } 19030001 - crypto operation error.
1022     * @syscap SystemCapability.Security.Cert
1023     * @since 9
1024     */
1025    getSignature(): DataBlob;
1026
1027    /**
1028     * Get the name of the algorithm that was used to sign this CRL.
1029     *
1030     * @returns { string } name of the signature algorithm; NOTE(review): confirm the exact name strings before matching them in an algorithm policy.
1031     * @throws { BusinessError } 19020001 - memory error.
1032     * @throws { BusinessError } 19020002 - runtime error.
1033     * @throws { BusinessError } 19030001 - crypto operation error.
1034     * @syscap SystemCapability.Security.Cert
1035     * @since 9
1036     */
1037    getSignatureAlgName(): string;
1038
1039    /**
1040     * Get the OID string of the algorithm that was used to sign this CRL.
1041     *
1042     * @returns { string } OID of the signature algorithm, as a string.
1043     * @throws { BusinessError } 19020001 - memory error.
1044     * @throws { BusinessError } 19020002 - runtime error.
1045     * @throws { BusinessError } 19030001 - crypto operation error.
1046     * @syscap SystemCapability.Security.Cert
1047     * @since 9
1048     */
1049    getSignatureAlgOid(): string;
1050
1051    /**
1052     * Get the DER-encoded parameters of the algorithm that was used to sign this CRL.
1053     *
1054     * @returns { DataBlob } DataBlob of the signature algorithm parameters.
1055     * @throws { BusinessError } 801 - this operation is not supported.
1056     * @throws { BusinessError } 19020001 - memory error.
1057     * @throws { BusinessError } 19020002 - runtime error.
1058     * @throws { BusinessError } 19030001 - crypto operation error.
1059     * @syscap SystemCapability.Security.Cert
1060     * @since 9
1061     */
1062    getSignatureAlgParams(): DataBlob;
1063  }
1064
1065  /**
1066   * Creates an X509 CRL object from encoded CRL data.
1067   * The returned object provides the data parsing or verification capability; NOTE(review): creation presumably only parses inStream, so verify the CRL before trusting its entries.
1068   *
1069   * @param { EncodingBlob } inStream - the encoded CRL data to parse.
1070   * @param { AsyncCallback<X509Crl> } callback - callback that receives the X509Crl instance.
1071   * @throws { BusinessError } 401 - invalid parameters.
1072   * @throws { BusinessError } 801 - this operation is not supported.
1073   * @throws { BusinessError } 19020001 - memory error.
1074   * @syscap SystemCapability.Security.Cert
1075   * @since 9
1076   */
1077  function createX509Crl(inStream: EncodingBlob, callback: AsyncCallback<X509Crl>): void;
1078
1079  /**
1080   * Creates an X509 CRL object from encoded CRL data.
1081   * The returned object provides the data parsing or verification capability; NOTE(review): creation presumably only parses inStream, so verify the CRL before trusting its entries.
1082   *
1083   * @param { EncodingBlob } inStream - the encoded CRL data to parse.
1084   * @returns { Promise<X509Crl> } promise that resolves with the X509Crl instance.
1085   * @throws { BusinessError } 401 - invalid parameters.
1086   * @throws { BusinessError } 801 - this operation is not supported.
1087   * @throws { BusinessError } 19020001 - memory error.
1088   * @syscap SystemCapability.Security.Cert
1089   * @since 9
1090   */
1091  function createX509Crl(inStream: EncodingBlob): Promise<X509Crl>;
1092
1093  /**
1094   * Certificate chain validator.
1095   *
1096   * @typedef CertChainValidator
1097   * @syscap SystemCapability.Security.Cert
1098   * @since 9
1099   */
1100  interface CertChainValidator {
1101    /**
1102     * Validate the cert chain. NOTE(review): none of the error codes listed below concerns revocation, so revocation checking is presumably left to the caller; confirm.
1103     *
1104     * @param { CertChainData } certChain - the certificate chain data to validate.
1105     * @param { AsyncCallback<void> } callback - the callback of validate; it carries no data, so a failure is presumably reported through its error argument.
1106     * @throws { BusinessError } 401 - invalid parameters.
1107     * @throws { BusinessError } 19020001 - memory error.
1108     * @throws { BusinessError } 19020002 - runtime error.
1109     * @throws { BusinessError } 19030001 - crypto operation error.
1110     * @throws { BusinessError } 19030002 - the certificate signature verification failed.
1111     * @throws { BusinessError } 19030003 - the certificate has not taken effect.
1112     * @throws { BusinessError } 19030004 - the certificate has expired.
1113     * @throws { BusinessError } 19030005 - failed to obtain the certificate issuer.
1114     * @throws { BusinessError } 19030006 - the key cannot be used for signing a certificate.
1115     * @throws { BusinessError } 19030007 - the key cannot be used for digital signature.
1116     * @syscap SystemCapability.Security.Cert
1117     * @since 9
1118     */
1119    validate(certChain: CertChainData, callback: AsyncCallback<void>): void;
1120
1121    /**
1122     * Validate the cert chain. NOTE(review): none of the error codes listed below concerns revocation, so revocation checking is presumably left to the caller; confirm.
1123     *
1124     * @param { CertChainData } certChain - the certificate chain data to validate.
1125     * @returns { Promise<void> } the promise returned by the function; it carries no data, so a failure is presumably reported as a rejection.
1126     * @throws { BusinessError } 401 - invalid parameters.
1127     * @throws { BusinessError } 19020001 - memory error.
1128     * @throws { BusinessError } 19020002 - runtime error.
1129     * @throws { BusinessError } 19030001 - crypto operation error.
1130     * @throws { BusinessError } 19030002 - the certificate signature verification failed.
1131     * @throws { BusinessError } 19030003 - the certificate has not taken effect.
1132     * @throws { BusinessError } 19030004 - the certificate has expired.
1133     * @throws { BusinessError } 19030005 - failed to obtain the certificate issuer.
1134     * @throws { BusinessError } 19030006 - the key cannot be used for signing a certificate.
1135     * @throws { BusinessError } 19030007 - the key cannot be used for digital signature.
1136     * @syscap SystemCapability.Security.Cert
1137     * @since 9
1138     */
1139    validate(certChain: CertChainData): Promise<void>;
1140
1141    /**
1142     * The algorithm name of this cert chain validator.
1143     *
1144     * @type { string }
1145     * @readonly
1146     * @syscap SystemCapability.Security.Cert
1147     * @since 9
1148     */
1149    readonly algorithm: string;
1150  }
1151
1152  /**
1153   * Creates a certificate chain validator. The returned object provides the verification capability.
1154   *
1155   * @param { string } algorithm - indicates the cert chain validator type.
1156   * @returns { CertChainValidator } the cert chain validator instance.
1157   * @throws { BusinessError } 401 - invalid parameters.
1158   * @throws { BusinessError } 801 - this operation is not supported.
1159   * @throws { BusinessError } 19020001 - memory error.
1160   * @throws { BusinessError } 19020002 - runtime error.
1161   * @throws { BusinessError } 19030001 - crypto operation error.
1162   * @syscap SystemCapability.Security.Cert
1163   * @since 9
1164   */
1165  function createCertChainValidator(algorithm: string): CertChainValidator;
1166}
1167
1168export default cert;
1169